Hi (fwd)
Matthew Sullivan
matthew at sorbs.net
Thu Mar 18 22:06:45 UTC 2004
william(at)elan.net wrote:
>FYI - if you're on windows machine DON'T TRY TO FOLLOW URL in that post
>
>Somebody sent me a copy of the content and its vbscript that downloads an
>image converts it into executable and then probably uses some bug in
>microshit products to have it executed. I'm not that good with windows
>scripting so whoever of the security people here wants to see it futher if
>you can not get it yourself, let me know. Its possible this maybe zombie
>making virus using nanog to replicate (somebody's sick joke) but possibly
>its more general with other lists too. Spammers and virus writers joined
>together are getting nastier and nastier.
>
>
It's another varient of Bagle...
My analysis of it is at: http://www.au.sorbs.net/virus.explain.txt -
since then Symantec has release it's more detailed explaination under
the headings for Bagle.r and Bagle.s
/ Mat
More information about the NANOG
mailing list